
Normalize your data with the OCSF Common Data Model in Datadog Cloud SIEM

Blog post from Datadog

Post Details
Company: Datadog
Date Published
Author: Eitan Moriano, Vera Chan, Martin McCloskey, Edith Méndez, Nolan Hayes
Word Count: 1,407
Language: English
Hacker News Points: -
Summary

Datadog has introduced the OCSF Common Data Model in its Cloud SIEM to address the fragmentation of log formats across the many data sources found in security environments. The model aligns security data with the Open Cybersecurity Schema Framework (OCSF), a unified schema that normalizes logs from platforms such as AWS CloudTrail, Okta, and GitHub. By automating normalization and enriching logs with standardized attributes, the model lets security teams apply prebuilt detection rules across varied data sources without manual parsing or field mapping. This standardization supports advanced analytics, speeds up investigations, and enables detection of cross-platform anomalies, such as brute-force login attempts, by correlating events from different services on their shared fields. The model improves interoperability between tools and reduces the risk of missed signals caused by inconsistent data, strengthening the security foundation with scalable, reusable detection rules. Datadog also demonstrates its commitment to transparency and to the OCSF standard by publishing its attribute remappings for the broader community in public GitHub repositories.
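The following added example, which is not code from the post or from Datadog, illustrates the idea behind the summary above: three constructed log records in their native CloudTrail, Okta and GitHub shapes are remapped to the OCSF Authentication class (class_uid 3002), after which one detection rule counts failed logons per source IP across all three products. The remapping functions, the sample logs and the threshold are assumptions made for illustration, not Datadog's published remaps or rule logic; only the OCSF identifiers (class_uid, activity_id, status_id, actor.user.name, src_endpoint.ip, metadata.product.name, time in epoch milliseconds) come from the OCSF schema.

```python
from collections import defaultdict
from datetime import datetime
import json

# OCSF identifiers for the Authentication event class (class_uid 3002).
AUTH_CLASS_UID = 3002
ACTIVITY_LOGON = 1
STATUS_SUCCESS, STATUS_FAILURE = 1, 2


def _epoch_ms(iso: str) -> int:
    """ISO-8601 timestamp -> epoch milliseconds, the unit OCSF uses for 'time'."""
    return int(datetime.fromisoformat(iso.replace("Z", "+00:00")).timestamp() * 1000)


def _ocsf_auth(time_ms, user, ip, success, product):
    """Build a minimal OCSF Authentication event carrying the fields a rule needs."""
    return {
        "class_uid": AUTH_CLASS_UID,
        "activity_id": ACTIVITY_LOGON,
        "status_id": STATUS_SUCCESS if success else STATUS_FAILURE,
        "time": time_ms,
        "actor": {"user": {"name": user}},
        "src_endpoint": {"ip": ip},
        "metadata": {"product": {"name": product}},
    }


# Hypothetical per-source remappings (illustrative, not Datadog's published ones).
def from_cloudtrail(ev):
    ok = ev.get("responseElements", {}).get("ConsoleLogin") == "Success"
    return _ocsf_auth(_epoch_ms(ev["eventTime"]), ev["userIdentity"].get("userName", ""),
                      ev["sourceIPAddress"], ok, "AWS CloudTrail")


def from_okta(ev):
    ok = ev["outcome"]["result"] == "SUCCESS"
    return _ocsf_auth(_epoch_ms(ev["published"]), ev["actor"]["alternateId"],
                      ev["client"]["ipAddress"], ok, "Okta")


def from_github(ev):
    ok = ev["action"] == "user.login"  # "user.failed_login" is the failure action
    return _ocsf_auth(ev["@timestamp"], ev["actor"], ev["actor_ip"], ok, "GitHub")


REMAPPERS = {"cloudtrail": from_cloudtrail, "okta": from_okta, "github": from_github}


def normalize(source, raw):
    """Dispatch a raw record to its remapper; every output shares one schema."""
    return REMAPPERS[source](raw)


# Constructed sample logs (not real captures): five failures from one IP spread over
# three products within ten minutes, plus one unrelated successful login.
RAW_LOGS = [
    ("cloudtrail", {"eventTime": "2024-05-01T10:00:05Z", "eventName": "ConsoleLogin",
                    "userIdentity": {"type": "IAMUser", "userName": "alice"},
                    "sourceIPAddress": "203.0.113.7",
                    "responseElements": {"ConsoleLogin": "Failure"}}),
    ("cloudtrail", {"eventTime": "2024-05-01T10:01:10Z", "eventName": "ConsoleLogin",
                    "userIdentity": {"type": "IAMUser", "userName": "alice"},
                    "sourceIPAddress": "203.0.113.7",
                    "responseElements": {"ConsoleLogin": "Failure"}}),
    ("okta", {"published": "2024-05-01T10:02:00.000Z", "eventType": "user.session.start",
              "outcome": {"result": "FAILURE", "reason": "INVALID_CREDENTIALS"},
              "actor": {"alternateId": "alice@example.com"},
              "client": {"ipAddress": "203.0.113.7"}}),
    ("okta", {"published": "2024-05-01T10:03:30.000Z", "eventType": "user.session.start",
              "outcome": {"result": "FAILURE", "reason": "INVALID_CREDENTIALS"},
              "actor": {"alternateId": "alice@example.com"},
              "client": {"ipAddress": "203.0.113.7"}}),
    ("github", {"action": "user.failed_login", "actor": "alice", "actor_ip": "203.0.113.7",
                "@timestamp": 1714557900000}),  # 2024-05-01T10:05:00Z
    ("cloudtrail", {"eventTime": "2024-05-01T10:06:00Z", "eventName": "ConsoleLogin",
                    "userIdentity": {"type": "IAMUser", "userName": "bob"},
                    "sourceIPAddress": "198.51.100.4",
                    "responseElements": {"ConsoleLogin": "Success"}}),
]

EVENTS = [normalize(src, raw) for src, raw in RAW_LOGS]


def detect_bruteforce(events, threshold=5, window_ms=10 * 60 * 1000):
    """Return {src_ip: [products]} for IPs with >= threshold failed logons in one window.

    The rule reads only OCSF fields, so it is product-agnostic by construction.
    """
    failures = defaultdict(list)
    for e in events:
        if e["class_uid"] == AUTH_CLASS_UID and e["status_id"] == STATUS_FAILURE:
            failures[e["src_endpoint"]["ip"]].append((e["time"], e["metadata"]["product"]["name"]))
    alerts = {}
    for ip, hits in failures.items():
        hits.sort()
        for i in range(len(hits)):  # sliding window over time-ordered failures
            j = i
            while j + 1 < len(hits) and hits[j + 1][0] - hits[i][0] <= window_ms:
                j += 1
            if j - i + 1 >= threshold:
                alerts[ip] = sorted({p for _, p in hits[i:j + 1]})
                break
    return alerts


def max_single_product_failures(events):
    """Largest failure count any one product sees from one IP (a per-source rule's view)."""
    counts = defaultdict(int)
    for e in events:
        if e["status_id"] == STATUS_FAILURE:
            counts[(e["src_endpoint"]["ip"], e["metadata"]["product"]["name"])] += 1
    return max(counts.values(), default=0)


if __name__ == "__main__":
    print(json.dumps(detect_bruteforce(EVENTS), indent=2))
    print("max failures visible to any single product:", max_single_product_failures(EVENTS))
```

The point the example makes is the one in the summary: no single product sees more than two failures from 203.0.113.7, so a per-source rule with a threshold of five never fires, while the same rule run over the normalized stream sees five and attributes them to all three products.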